Q: Can SSLv3 be disabled on Mountain Lion Server?

Our internal network security folks are demanding that we disable SSLv3 completely running on port 443 on our 10.8.5 Mountain Lion Server (Server 2.2.2) for "Poodle". The box supports iPhones/iPads in the field (over 100). From what I can glean, Profile Manager is heavily, if not totally, dependent on SSLv3 to function.

This article references a fix already applied by Apple for Server version 2.2.5 - not 2.2.2.

This article references how Apple "mitigated" the exposure in Security Update 2014-005 (for all compatible servers).

Mac Pro, Mac OS X (10.7.3)

Posted on Jan 14, 2015 1:53 PM

I have this question too

Q: Can SSLv3 be disabled on Mountain Lion Server?

All replies

Helpful answers

by macadmin78,Helpful

macadmin78 Jan 15, 2015 6:27 AM in response to DOLAdmin
Level 1 (50 points)

Jan 15, 2015 6:27 AM in response to DOLAdmin

It looks like only the web interface to profile manager users port 443.
see:
OS X Server: Ports used by Profile Manager - Apple Support

To disable sslv3 for apache, edit the appropriate file(s) in
/Library/Server/Web/Config/apapche2/sites/

look for : SSLProtocol
if it is -All +sslv3 +tls, remove the sslv3
if it is All -sslv2, add -sslv3 to the string.

There's a similar line for ssl proxy protocols. Same thing there.

restart the web service.

You can check your work at slabs.com
Reply options

Link to this post

by DOLAdmin,

DOLAdmin Jan 15, 2015 12:18 PM in response to macadmin78
Level 1 (0 points)

Jan 15, 2015 12:18 PM in response to macadmin78

I'll give it a try thanks.
Reply options

Link to this post

by DOLAdmin,

DOLAdmin Jan 16, 2015 1:07 PM in response to DOLAdmin
Level 1 (0 points)

Jan 16, 2015 1:07 PM in response to DOLAdmin

Also wondering if I disable this protocol, will Profile Manager continue to work? Anyone?
Reply options

Link to this post

Q: Can SSLv3 be disabled on Mountain Lion Server?

All replies Helpful answers

by macadmin78,★Helpful

by DOLAdmin,

by DOLAdmin,

All replies

Helpful answers

by macadmin78,Helpful